
Help :D [Solved]



#31
Diz187 (Member, Topic Starter, 27 posts)
Oh and a final question, is it normal to have half my services stopped in task manager?
  • 0

#32
myrti (Expert, 2,580 posts)
Hi,

we normally ask for an online scan once we are sure that the PC is clean to check for leftovers. You did the Kaspersky online scan and that didn't turn up anything, so I'm pretty sure you are clean.

Not all services run by default, so it is not surprising that not all are running. Is there one in particular you are worried about?

We could run another online scan if you wished.

If you have convinced yourself that you are clean, please proceed to the clean up steps and let me know if this resets your desktop.inis to hidden and so on:
Please do the following to clean up your PC:
  • Delete the tools used during the disinfection:
  • Uninstall ComboFix.exe and all backups of the files it deleted
    • Click START then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTC from the following mirror and save it to your desktop:
    • Double click on OTC
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  • If OTC failed to remove all programs from your Desktop, please delete the rest manually.
Please read this advice, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for the MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Some more links you might find of interest:
Have a nice day
myrti
  • 0

#33
Diz187 (Member, Topic Starter, 27 posts)
Just ran the Kaspersky scan, here are the results:

C:\Qoobox\Quarantine\C\Windows\system32\Drivers\volmgr.sys.vir Win32/Olmarik.ZC trojan cleaned - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\3d3f711a-4b5f7e68 Java/TrojanDownloader.Agent.NAM trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\5637119f-5de25db0 Java/TrojanDownloader.Agent.NAM trojan deleted - quarantined


Would you say it's safe to say I'm clean now?
  • 0

#34
myrti (Expert, 2,580 posts)
Hi,

yes I would say so. The files are in temporary folders and should not be able to cause any harm anymore.

The file in qoobox should no longer be detected once you have uninstalled ComboFix.

regards myrti
  • 0

#35
Diz187 (Member, Topic Starter, 27 posts)
I ran OTC and that command in run just started combofix up. The desktop.ini file is still around and now my sound's gone on the web again, and some folders are still locked :s
  • 0

#36
myrti (Expert, 2,580 posts)
Hi,

is it possible that you had a spelling error in the command? Could you please try again? Please provide the log from ComboFix if you let it run completely.

regards myrti
  • 0

#37
Diz187 (Member, Topic Starter, 27 posts)
I think I figured out why the command didn't work: combofix never worked properly on a normal boot, so I used to boot into safe mode, which I didn't do this time.

Weird thing is though, I scanned using combofix and after it was done my sound worked again on the web.

Here's the combofix log.

ComboFix 10-05-12.06 - Diz 13/05/2010 20:40:27.2.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2046.1057 [GMT 1:00]
Running from: c:\users\Diz\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\%appdata%

.
((((((((((((((((((((((((( Files Created from 2010-04-13 to 2010-05-13 )))))))))))))))))))))))))))))))
.

2010-05-13 19:49 . 2010-05-13 19:55 -------- d-----w- c:\users\Diz\AppData\Local\temp
2010-05-13 19:49 . 2010-05-13 19:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-13 19:49 . 2010-05-13 19:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-13 19:37 . 2010-05-13 19:38 -------- d-----w- C:\32788R22FWJFW
2010-05-13 00:57 . 2010-05-13 00:58 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-05-12 21:07 . 2010-05-12 21:07 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-12 21:07 . 2010-05-12 21:07 -------- d-----w- c:\users\Diz\AppData\Roaming\SystemRequirementsLab
2010-05-12 18:21 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-05-12 18:21 . 2009-10-10 02:31 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys
2010-05-12 18:20 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-05-12 18:19 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-12 18:19 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-05-12 18:19 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-05-12 18:19 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-05-12 18:19 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
2010-05-12 18:19 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-05-12 18:19 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-05-12 18:19 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-05-12 18:19 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-05-12 18:19 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-05-12 18:19 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-05-12 15:22 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-11 19:45 . 2009-08-19 22:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-05-11 19:45 . 2009-08-19 22:50 46928 ----a-r- c:\windows\system32\AdobePDF.dll
2010-05-10 19:38 . 2010-05-10 19:38 -------- d-----w- c:\program files\Common Files\Java
2010-05-10 19:21 . 2010-05-10 19:20 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-10 18:44 . 2010-05-10 18:44 -------- d-----w- c:\program files\Sun
2010-05-08 02:19 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-05-08 02:06 . 2010-05-08 02:06 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-05-08 02:01 . 2010-05-08 02:01 -------- d-----w- c:\program files\MSXML 4.0
2010-05-07 23:12 . 2010-05-07 23:12 -------- d-----w- c:\program files\ESET
2010-05-07 22:20 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-07 22:20 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-05-07 22:20 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-05-07 22:20 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-05-06 16:41 . 2010-05-06 16:41 -------- d-----w- c:\users\Diz\AppData\Roaming\Malwarebytes
2010-05-06 16:40 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-06 16:40 . 2010-05-06 16:40 -------- d-----w- c:\programdata\Malwarebytes
2010-05-06 16:40 . 2010-05-06 16:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-06 16:40 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-06 16:14 . 2010-05-06 16:14 -------- d-----w- c:\program files\ERUNT
2010-05-06 15:22 . 2010-05-06 15:22 -------- d-----w- c:\programdata\IObit
2010-05-06 15:22 . 2010-05-06 15:22 -------- d-----w- c:\program files\IObit
2010-05-01 00:32 . 2010-05-07 05:18 -------- d-----w- c:\programdata\Lavasoft
2010-04-30 14:25 . 2010-04-30 14:25 -------- d-----w- c:\programdata\hps
2010-04-30 14:22 . 2010-04-30 14:22 -------- d-----w- c:\program files\jessops
2010-04-28 16:21 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-27 19:28 . 2010-04-27 22:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-27 19:28 . 2010-04-27 22:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-27 18:46 . 2010-04-27 18:46 -------- d-----w- C:\$AVG
2010-04-27 18:34 . 2010-04-27 18:34 -------- d-----w- c:\users\Diz\AppData\Roaming\AVG9
2010-04-27 18:11 . 2010-04-27 18:11 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-27 18:11 . 2010-04-27 18:11 25096 ----a-w- c:\windows\system32\drivers\AVGIDSwx.sys
2010-04-27 18:11 . 2010-04-27 18:11 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-27 18:11 . 2010-04-27 18:25 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-27 18:11 . 2010-04-27 18:11 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-27 18:11 . 2010-04-27 18:11 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-27 18:11 . 2010-05-13 11:32 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-27 18:10 . 2010-04-27 18:10 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-04-27 18:10 . 2010-04-27 18:10 -------- d-----w- c:\program files\AVG
2010-04-27 18:10 . 2010-04-27 22:36 -------- d-----w- c:\programdata\avg9
2010-04-27 17:52 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-27 17:52 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-27 15:34 . 2010-04-27 22:58 -------- d-----w- c:\windows\system32\MpEngineStore
2010-04-26 23:13 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-26 22:58 . 2010-04-27 22:36 -------- d-----w- c:\users\Diz\AppData\Local\HWLPCDRW
2010-04-23 17:28 . 2010-04-24 17:04 -------- d-----w- c:\programdata\NexonEU

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-13 15:04 . 2010-02-24 21:56 -------- d-----w- c:\users\Diz\AppData\Roaming\vlc
2010-05-13 12:05 . 2010-02-24 20:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-12 23:18 . 2010-03-21 18:54 -------- d-----w- c:\users\Diz\AppData\Roaming\Skype
2010-05-12 23:11 . 2010-03-21 18:55 -------- d-----w- c:\users\Diz\AppData\Roaming\skypePM
2010-05-12 21:21 . 2010-02-24 21:09 -------- d-----w- c:\programdata\NVIDIA
2010-05-12 21:07 . 2010-05-12 21:07 290816 ----a-w- c:\users\Diz\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-05-12 21:07 . 2010-05-12 21:07 290816 ----a-w- c:\users\Diz\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-05-12 21:07 . 2010-05-12 21:07 290816 ----a-w- c:\users\Diz\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-05-12 21:07 . 2010-05-12 21:07 290816 ----a-w- c:\users\Diz\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-05-12 18:12 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-12 18:12 . 2010-02-24 20:44 -------- d-----w- c:\programdata\Microsoft Help
2010-05-11 19:36 . 2010-02-24 21:55 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-10 18:57 . 2010-03-30 23:35 -------- d-----w- c:\program files\Java
2010-05-08 02:41 . 2010-02-24 20:38 113184 ----a-w- c:\users\Diz\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-08 02:10 . 2010-02-24 20:47 -------- d-----w- c:\program files\Microsoft Works
2010-05-07 20:55 . 2010-03-19 01:23 -------- d-----w- c:\program files\HyperCam Toolbar
2010-05-07 05:18 . 2010-02-24 21:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-06 15:11 . 2010-02-24 22:43 -------- d-----w- c:\programdata\FLEXnet
2010-05-06 09:36 . 2010-02-24 20:51 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-30 17:47 . 2010-03-09 22:24 -------- d-----w- c:\users\Diz\AppData\Roaming\uTorrent
2010-04-27 18:26 . 2010-04-27 18:26 242696 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-04-27 18:24 . 2010-04-27 18:24 1689952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-26 22:45 . 2010-03-19 02:09 -------- d-----w- c:\program files\AVS4YOU
2010-04-26 22:38 . 2010-03-19 02:11 -------- d-----w- c:\users\Diz\AppData\Roaming\AVS4YOU
2010-04-26 20:49 . 2010-02-28 22:57 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-23 17:28 . 2010-04-23 17:28 98304 ----a-w- c:\programdata\NexonEU\NGM\nxgameeu.dll
2010-04-23 17:28 . 2010-04-23 17:28 81920 ----a-w- c:\programdata\NexonEU\NGM\npNxGameeu.dll
2010-04-23 17:28 . 2010-04-23 17:28 532480 ----a-w- c:\programdata\NexonEU\NGM\NGMDll.dll
2010-04-23 17:28 . 2010-04-23 17:28 331776 ----a-w- c:\programdata\NexonEU\NGM\NGMResource.dll
2010-04-23 17:28 . 2010-04-23 17:28 258352 ----a-w- c:\programdata\NexonEU\NGM\unicows.dll
2010-04-23 17:28 . 2010-04-23 17:28 155648 ----a-w- c:\programdata\NexonEU\NGM\NGM.exe
2010-04-21 00:00 . 2010-03-18 19:40 -------- d-----w- c:\programdata\DivX
2010-04-18 18:44 . 2010-03-01 00:39 -------- d-----w- c:\users\Diz\AppData\Roaming\FileZilla
2010-04-13 02:21 . 2010-04-03 18:14 -------- d-----w- c:\users\Diz\AppData\Roaming\gtk-2.0
2010-04-12 04:18 . 2010-04-12 04:18 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-12 04:17 . 2010-04-12 04:17 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-12 04:17 . 2010-03-18 19:40 -------- d-----w- c:\program files\DivX
2010-04-12 04:17 . 2010-04-12 04:17 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-04-12 04:17 . 2010-04-12 04:17 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-04-12 04:17 . 2010-04-12 04:17 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-04-12 04:17 . 2010-04-12 04:17 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-12 04:17 . 2010-04-12 04:17 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-12 04:17 . 2010-04-12 04:17 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-04-12 04:16 . 2010-04-12 04:17 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-04-12 04:16 . 2010-03-18 19:41 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-04-10 18:20 . 2010-04-02 17:38 -------- d-----w- c:\users\Diz\AppData\Roaming\Xfire
2010-04-10 17:13 . 2010-04-02 17:38 -------- d-----w- c:\programdata\Xfire
2010-04-03 17:50 . 2010-04-03 17:50 -------- d-----w- c:\program files\GIMP-2.0
2010-04-02 17:38 . 2010-04-02 17:38 -------- d-----w- c:\program files\Xfire
2010-04-02 00:14 . 2010-04-02 00:13 -------- d-----w- c:\users\Diz\AppData\Roaming\Notepad++
2010-04-02 00:13 . 2010-04-02 00:13 -------- d-----w- c:\program files\Notepad++
2010-04-01 16:01 . 2010-04-01 16:01 -------- d-----w- c:\users\Diz\AppData\Roaming\Artisteer
2010-04-01 15:57 . 2010-04-01 15:57 -------- d-----w- c:\program files\Artisteer 2
2010-03-31 13:46 . 2010-03-31 13:46 -------- d-----w- c:\program files\QuickTime
2010-03-31 13:46 . 2010-03-31 13:46 -------- d-----w- c:\programdata\Apple Computer
2010-03-31 13:45 . 2010-03-31 13:45 -------- d-----w- c:\program files\Common Files\Apple
2010-03-31 13:44 . 2010-03-31 13:44 -------- d-----w- c:\program files\Apple Software Update
2010-03-31 13:44 . 2010-03-31 13:44 -------- d-----w- c:\programdata\Apple
2010-03-27 02:00 . 2010-03-27 01:58 -------- d-----w- c:\program files\ManyCam 2.4
2010-03-27 02:00 . 2010-03-27 01:58 -------- d-----w- c:\users\Diz\AppData\Roaming\ManyCam
2010-03-26 19:04 . 2010-03-26 19:04 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-03-26 02:03 . 2010-03-26 01:13 -------- d-----w- c:\program files\Webcam and Screen Recorder
2010-03-26 01:33 . 2010-03-26 01:33 -------- d-----w- c:\program files\Fake Webcam
2010-03-26 01:33 . 2010-03-26 01:33 -------- d-----w- c:\program files\Common Files\fwc
2010-03-26 00:27 . 2010-03-26 00:27 -------- d-----w- c:\users\Diz\AppData\Roaming\WebcamMax
2010-03-24 20:31 . 2010-03-24 20:31 -------- d-----w- c:\users\Diz\AppData\Roaming\GetRightToGo
2010-03-23 18:36 . 2010-02-24 21:55 -------- d-----w- c:\program files\Windows Live
2010-03-23 02:47 . 2010-03-23 02:47 -------- d-----w- c:\program files\Microsoft SQL Server
2010-03-23 02:47 . 2010-03-23 02:42 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-03-23 02:47 . 2010-03-23 02:47 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-03-23 02:47 . 2010-03-23 02:47 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-03-23 02:42 . 2010-03-23 02:42 -------- d-----w- c:\program files\Microsoft SDKs
2010-03-23 02:06 . 2010-03-23 02:06 -------- d-----w- c:\program files\Lame for Audacity
2010-03-23 02:03 . 2010-03-23 02:03 -------- d-----w- c:\program files\Audacity
2010-03-21 18:55 . 2010-03-21 18:55 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-21 18:54 . 2010-03-21 18:54 -------- d-----w- c:\program files\Common Files\Skype
2010-03-21 18:54 . 2010-03-21 18:54 -------- d-----r- c:\program files\Skype
2010-03-21 18:54 . 2010-03-21 18:54 -------- d-----w- c:\programdata\Skype
2010-03-19 17:29 . 2010-03-19 17:29 -------- d-----w- c:\programdata\PopCap
2010-03-19 02:11 . 2010-03-19 02:09 -------- d-----w- c:\programdata\AVS4YOU
2010-03-19 02:10 . 2010-03-19 02:09 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-03-19 01:55 . 2010-03-19 01:55 -------- d-----w- c:\users\Diz\AppData\Roaming\DivX
2010-03-19 01:55 . 2010-03-19 01:55 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-03-19 01:26 . 2010-03-19 01:23 -------- d-----w- c:\program files\HyCam2
2010-03-15 14:56 . 2010-03-15 14:56 94208 ----a-r- c:\users\Diz\AppData\Roaming\Microsoft\Installer\{E7394A0F-3F80-45B1-87FC-ABCD51893246}\python_icon.exe
2010-03-15 02:11 . 2010-03-15 02:08 -------- d-----w- c:\users\Diz\AppData\Roaming\TS3Client
2010-03-08 21:33 . 2010-05-07 22:19 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-03-04 23:38 . 2010-03-04 23:38 0 ----a-w- c:\windows\nsreg.dat
2010-03-01 18:19 . 2010-03-01 18:19 1923864 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-02-27 12:07 . 2010-05-07 22:19 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 12:07 . 2010-05-07 22:19 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 07:32 . 2010-05-07 22:19 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-05-07 22:19 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-05-07 22:19 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-25 14:23 . 2010-02-25 14:23 1923864 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-02-25 14:23 . 2010-02-25 14:23 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-25 00:37 . 2010-02-24 23:58 81984 ----a-w- c:\windows\system32\bdod.bin
2010-02-24 20:54 . 2010-02-24 20:54 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 304664]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-28 244512]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]

c:\users\Diz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
avgtray.exe - Shortcut.lnk - c:\program files\AVG\AVG9\avgtray.exe [2010-4-27 2064736]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2010-2-25 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcerOrbicamRibbon]
2006-11-28 18:43 754712 ----a-w- c:\program files\Acer\OrbiCam10\OrbiCam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 31232]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwx.sys [2010-04-27 25096]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-04-27 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-04-27 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-04-27 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-04-27 242896]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-04-27 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-04-27 2325816]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2009-12-24 311568]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 AVer3xEn;AVerMedia SAA713x BDA Encoder Service;c:\windows\system32\DRIVERS\AVer3xEn.sys [2006-11-14 1234304]
S3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [2010-04-27 122376]
S3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [2010-04-27 30216]
S3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [2010-04-27 20488]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

.
Contents of the 'Scheduled Tasks' folder

2010-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3727917025-3020223979-1879971377-1000Core.job
- c:\users\Diz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-28 16:21]

2010-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3727917025-3020223979-1879971377-1000UA.job
- c:\users\Diz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-28 16:21]
.
.
------- Supplementary Scan -------
.
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Diz\AppData\Roaming\Mozilla\Firefox\Profiles\wi9i7gqh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\users\Diz\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4532)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\RTHDCPL.exe
c:\windows\System32\rundll32.exe
c:\users\Diz\AppData\Local\Temp\RtkBtMnt.exe
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2010-05-13 21:01:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-13 20:01

Pre-Run: 2,975,985,664 bytes free
Post-Run: 3,554,095,104 bytes free

- - End Of File - - 21ED71810CA57FB090319DC6CF0191D1
  • 0
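The ComboFix log above lists files with a date/size/attribute column and, under "Reg Loading Points", the UAC policy values. As an added example (not code from the thread, from ComboFix or from Geeks to Go), here is a small Python parser that turns those two sections into records a responder can filter: which entries carry the hidden or system attributes (the same attributes that make desktop.ini disappear once "Hide protected operating system files" is enabled), and which UAC policy values are set to their weak setting, as EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are in this log. The sample lines are constructed copies in the shape of lines from the log; the letter-to-attribute mapping and the weak-value table are my assumptions, not ComboFix documentation.

```python
"""Parse ComboFix log sections into records a responder can filter (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample lines, copied in shape from the "Files Created" / "Find3M"
# sections of a ComboFix log: created . modified size attributes path
SAMPLE_FILE_LINES = r"""
2010-05-13 19:49 . 2010-05-13 19:55 -------- d-----w- c:\users\Diz\AppData\Local\temp
2010-05-12 18:21 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-05-13 12:05 . 2010-02-24 20:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2010-03-21 18:55 . 2010-03-21 18:55 56 ---ha-w- c:\windows\system32\ezsidmv.dat
"""

# Constructed sample of the UAC policy block from the "Reg Loading Points" section
SAMPLE_POLICY_LINES = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "   # creation timestamp
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "       # last-write timestamp
    r"(\S+) "                                  # size, or -------- for a directory
    r"([-a-z]{8}) "                            # attribute column, e.g. d--h--w-
    r"(.+)$"                                   # path (may contain spaces)
)
POLICY_RE = re.compile(r'^"([^"]+)"= (\d+) \(0x[0-9a-fA-F]+\)$')


@dataclass
class FileRecord:
    created: str
    modified: str
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    # Attribute letters are read by membership. The mapping (d=directory,
    # s=system, h=hidden, a=archive, r=read-only) is an assumption inferred
    # from the log lines themselves, not taken from ComboFix documentation.
    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs

    @property
    def readonly(self) -> bool:
        return "r" in self.attrs


def parse_file_lines(text: str) -> List[FileRecord]:
    """Turn file-listing lines into FileRecord objects, skipping lines that do not match."""
    records = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size_text, attrs, path = m.groups()
        size = None if size_text.startswith("-") else int(size_text)
        records.append(FileRecord(created, modified, size, attrs, path))
    return records


def hidden_or_system_paths(records: List[FileRecord]) -> List[str]:
    """Paths carrying the hidden or system attribute, in log order."""
    return [r.path for r in records if r.hidden or r.system]


def parse_policy_values(text: str) -> Dict[str, int]:
    """Read "Name"= value (0xhex) lines from a registry block into a dict."""
    values = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            values[m.group(1)] = int(m.group(2))
    return values


# Value that marks a weakened UAC setting, with the reason a responder would report
WEAK_UAC_VALUES = {
    "EnableLUA": (0, "UAC is switched off; admin processes run fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}


def uac_findings(policies: Dict[str, int]) -> Dict[str, str]:
    """Return {setting: reason} for every UAC policy set to its weak value."""
    return {
        name: reason
        for name, (weak, reason) in WEAK_UAC_VALUES.items()
        if policies.get(name) == weak
    }


if __name__ == "__main__":
    for rec in parse_file_lines(SAMPLE_FILE_LINES):
        print(rec.attrs, rec.size, rec.path)
    for name, reason in uac_findings(parse_policy_values(SAMPLE_POLICY_LINES)).items():
        print(f"{name}: {reason}")
```

Run against the constructed sample, the three hidden/system entries are the InstallShield folder, StaticCache.dat and ezsidmv.dat, and all three UAC checks fire, which is exactly what a helper reading the real log would want to point out alongside the malware findings: with EnableLUA at 0 every process started by an administrator already runs elevated, so restoring the defaults belongs on the post-cleanup list.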

#38
myrti (Expert, 2,580 posts)
Hi,

are you able to uninstall combofix from safe mode?

regards myrti
  • 0

#39
Diz187 (Member, Topic Starter, 27 posts)
I'll try soon, but I've got a feeling I'm going to lose the sound from the web again :)
  • 0

#40
myrti (Expert, 2,580 posts)
Hi,

Removing ComboFix should only remove the files and settings ComboFix made; if you had sound before you ran ComboFix, you should also have sound after you run it.

regards myrti
  • 0

#41
Diz187 (Member, Topic Starter, 27 posts)
Right, it worked, the uninstall command in safe mode worked. And the OTC clean up thing worked too :)

I would post the log it made but I think it deleted itself while it uninstalled.

I still have the desktop.ini files around.
  • 0

#42
myrti (Expert, 2,580 posts)
Hi,

Please try the following:
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.

let me know if this hides your desktop.ini

regards myrti
  • 0

#43
Diz187 (Member, Topic Starter, 27 posts)
It worked :)
  • 0

#44
myrti (Expert, 2,580 posts)
Hi,

very happy to hear that. :) If everything is fine and you do not have any more questions I'll close the thread now.

regards myrti
  • 0

#45
Diz187 (Member, Topic Starter, 27 posts)
Just a final note, those folders which are locked (my pictures/videos/documents & settings) are now hidden too and are still access denied.
  • 0
